Page Comparison - Securing with SAML2 SSO (v.8 vs v.9) - App Manager 1.0.0 - WSO2 Documentation
...

  1. Once a Web application is published from the App Manager publisher, the synapse handler for SAML SSO is attached to the application's synapse configuration as follows.
    <handler class="org.wso2.carbon.appmgt.gateway.handlers.security.saml2.SAML2AuthenticationHandler"/>

    The SAML2AuthenticationHandler validates every incoming request. If no authenticated cookie is found, the request is sent to the IDP. The IDP URL is configured in a synapse sequence as follows.

    Info

    If App Manager runs with a port offset of zero and the default IDP is used, these configurations do not need to be changed. If the IDP runs on a different host or port, change the host and port in the uri-template to match your IDP's /samlsso endpoint.

    <sequence xmlns="http://ws.apache.org/ns/synapse" name="saml2_sequence">
        <property name="uri.var.saml2.request" expression="get-property('SAMLRequest')"/>
        <call>
            <endpoint xmlns="http://ws.apache.org/ns/synapse" name="HTTPEndpoint">
                <http uri-template="https://localhost:9443/samlsso?SAMLRequest={uri.var.saml2.request}" method="POST">
                </http>
            </endpoint>
        </call>
        <respond/>
    </sequence>
  2. Add the Web application as a service provider in the IDP's service provider configuration. For more information on configuring a SAML2 service provider in WSO2 Identity Server, see Adding a Service Provider.

    Info

    When setting up the service provider:

    • Use the Web application name as the issuer in the service provider configuration.

    • Set the assertion consumer URL to the gateway URL of the Web application.

    The IDP uses the issuer to look up the service provider entry, and the assertion consumer URL is where it sends the SAML response, so both values must match exactly what the gateway presents.

  3. Enable authentication session persistence. For instructions, see Enabling Authentication Session Persistence.

Once the above setup is done, subscribed users can access the Web application in SSO mode. In SSO mode, a user authenticates only once: if the user accesses another subscribed application from the same browser, that application logs the user in automatically.
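The three steps above only work when the values the gateway presents (issuer, assertion consumer URL) match the service provider entry in the IDP. The following is an added example, not App Manager or WSO2 code, showing the service-provider side of that contract in a toy form: it builds the AuthnRequest the gateway would send when no authenticated cookie is found, encodes it for the SAMLRequest parameter, and checks a returned response against the registered issuer and assertion consumer URL. The application name "TravelApp", the gateway URL, the IDP entity ID "localhost" and the sample responses are all assumptions constructed for the example; XML signature verification is assumed to have been done by the caller and is not shown.

```python
"""Toy SAML2 service-provider logic mirroring the issuer / assertion consumer URL
contract between the App Manager gateway and the IDP. Added example, not App Manager code."""
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Assumed values: a Web application named "TravelApp" published on a gateway at
# https://localhost:8280. These must equal what was registered in the IDP.
SP_ISSUER = "TravelApp"                                  # issuer = Web application name
SP_ACS_URL = "https://localhost:8280/travelapp/1.0.0/"   # assertion consumer URL = gateway URL
IDP_SSO_URL = "https://localhost:9443/samlsso"           # endpoint used by saml2_sequence
IDP_ISSUER = "localhost"                                 # assumed entity ID of the IDP


def _fmt(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_authn_request(now=None):
    """Return (request_id, xml) for the AuthnRequest sent when no authenticated cookie is found."""
    now = now or datetime.now(timezone.utc)
    request_id = "_" + uuid.uuid4().hex
    doc = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{request_id}" '
           f'Version="2.0" IssueInstant="{_fmt(now)}" Destination="{IDP_SSO_URL}" '
           f'AssertionConsumerServiceURL="{SP_ACS_URL}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{SP_ISSUER}</saml:Issuer></samlp:AuthnRequest>')
    return request_id, doc


def encode_post_binding(doc):
    """SAMLRequest value for the HTTP-POST binding: plain base64 of the XML."""
    return base64.b64encode(doc.encode()).decode()


def encode_redirect_binding(doc):
    """SAMLRequest value for the HTTP-Redirect binding: raw DEFLATE then base64 (URL-encode before use)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)     # -15 = raw deflate, no zlib header
    return base64.b64encode(comp.compress(doc.encode()) + comp.flush()).decode()


def decode_redirect_binding(value):
    """Inverse of encode_redirect_binding, as the IDP would apply it."""
    return zlib.decompress(base64.b64decode(value), -15).decode()


def validate_response(response_xml, outstanding_ids, now):
    """Return a list of problems; an empty list means the response fits this SP's registration.
    Assumption: the XML signature has already been verified by the caller (not shown here)."""
    problems = []
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return ["not a samlp:Response"]
    if root.get("Destination") != SP_ACS_URL:
        problems.append("Destination != assertion consumer URL")
    if root.get("InResponseTo") not in outstanding_ids:
        problems.append("unknown InResponseTo (unsolicited or replayed)")
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status not Success")
    assertion = root.find(f"{{{SAML}}}Assertion")
    if assertion is None:
        return problems + ["no assertion"]
    if assertion.findtext(f"{{{SAML}}}Issuer") != IDP_ISSUER:
        problems.append("assertion issuer is not the trusted IDP")
    if assertion.findtext(f".//{{{SAML}}}AudienceRestriction/{{{SAML}}}Audience") != SP_ISSUER:
        problems.append("Audience != issuer registered for this Web application")
    scd = assertion.find(f".//{{{SAML}}}SubjectConfirmationData")
    if scd is None or scd.get("Recipient") != SP_ACS_URL:
        problems.append("Recipient != assertion consumer URL")
    cond = assertion.find(f"{{{SAML}}}Conditions")
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not nb or not noa or not (_parse(nb) <= now < _parse(noa)):
        problems.append("assertion outside its validity window")
    return problems


def make_sample_response(in_response_to, audience, recipient, now, issuer=IDP_ISSUER):
    """Constructed, unsigned IDP response used only to exercise validate_response."""
    later = _fmt(now + timedelta(minutes=5))
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_{uuid.uuid4().hex}"
  Version="2.0" IssueInstant="{_fmt(now)}" Destination="{recipient}" InResponseTo="{in_response_to}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{_fmt(now)}">
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="{in_response_to}" Recipient="{recipient}" NotOnOrAfter="{later}"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="{_fmt(now - timedelta(minutes=1))}" NotOnOrAfter="{later}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def demo(now=None):
    """Run the exchange once; return validation results for a good response and two bad ones."""
    now = (now or datetime.now(timezone.utc)).replace(microsecond=0)
    request_id, _ = build_authn_request(now)
    outstanding = {request_id}
    cases = {
        "good": make_sample_response(request_id, SP_ISSUER, SP_ACS_URL, now),
        "wrong_audience": make_sample_response(request_id, "OtherApp", SP_ACS_URL, now),
        "unsolicited": make_sample_response("_stale", SP_ISSUER, SP_ACS_URL, now),
    }
    return {name: validate_response(doc, outstanding, now) for name, doc in cases.items()}


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "OK" if not problems else problems)
```

The "wrong_audience" case is what a mismatch between the Web application name and the issuer registered in the IDP looks like from the SP side, and the "unsolicited" case is why the gateway must remember the request IDs it issued rather than accept any response posted to the assertion consumer URL.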

...